Resources to assist retirement plan practitioners and plan fiduciaries with retirement plan cybersecurity.
Retirement plans can be susceptible to cybersecurity and data security attacks because plans have significant assets and maintain important information regarding participants and beneficiaries (for example, social security numbers, bank account information, and dates of birth).
In order to prevent these attacks, plan sponsors, fiduciaries, and practitioners assisting these parties should understand how to stop potential attacks and have protection processes in place.
Plan sponsors and practitioners that assist plan sponsors should ensure that:
There is a coherent strategy to identify and assess cybersecurity risks.
Policies and procedures are in place to prevent attacks and address what happens in the event of an attack.
Service providers and vendors, including recordkeepers and others, have up-to-date cybersecurity practices since they have access to participant data.
Participants are educated on how to limit and eliminate their risk of an attack.
The proper insurance policies cover the plan and fiduciaries, including cyber insurance in the event of a breach.
The failure to adequately address cybersecurity can be very costly. This Toolkit provides links to several continuously maintained resources designed to help plan sponsors, fiduciaries, and practitioners that assist those parties with cybersecurity in retirement plans.